package org.ccay.manage.security.service;

import java.util.List;
import java.util.Map;
import java.util.Set;

import javax.ws.rs.GET;
import javax.ws.rs.PUT;
import javax.ws.rs.Path;
import javax.ws.rs.PathParam;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;

import org.apache.shiro.authz.AuthorizationInfo;
import org.ccay.core.base.BatchVO;
import org.ccay.core.exception.ApplicationException;
import org.ccay.security.annotation.SecurityOperation;
import org.ccay.security.annotation.SecurityResource;
import org.ccay.security.entity.Permission;
import org.ccay.security.vo.PermissionTreeNodeVO;
import org.ccay.security.vo.ProgramRolesVO;

/**
 * 管理权限
 * @author chaowangbang
 * @since 2017年2月19日
 */
@Path("/permissionManage")
@Produces("application/json")
@SecurityResource(code="permissionManage",name="系统管理|用户及权限管理|权限管理")
public interface IPermissionManageService {
	
	
	@PUT
	@Path("/saveRolePermissions/{roleId}")
	@SecurityOperation(code="saveRolePermissions",name="角色授权")
	void saveRolePermissions(List<String> permissions,@PathParam("roleId")Long roleId);
	
	
	@GET
	@Path("/findPermissionTree")
	@SecurityOperation(code="findPermissionTree",name="查询角色权限")
	List<PermissionTreeNodeVO> findPermissionTree(@QueryParam("roleId")Long roleId);
	
	@GET
	@Path("/findUserCurrentPermissions")
	@SecurityOperation(code="findUserCurrentPermissions",name="查询用户当前权限")
	AuthorizationInfo findUserCurrentPermissions(@QueryParam("userId")Long userId);
	
	/**
	 * 通过角色ID获取权限点的字符串表示
	 * @param roleId
	 * @return
	 */
	List<String> findPermissionStringByRoleId(@QueryParam("roleId")Long roleId);
	
	@GET
	@Path("/findProgramRolesByUserId/{userId}")
	List<ProgramRolesVO> findProgramRolesByUserId(@PathParam("userId")Long roleId);
	
	/**
	 * 用户授权
	 * @param batchItems
	 * @throws ApplicationException
	 */
	@PUT
	@Path("/userAuthz/{userId}")
	@SecurityOperation(code="userAuthz",name="用户授权",desc="为用户分配角色及数据范围")
	Map<String, Object> userAuthz(BatchVO<ProgramRolesVO> batchItems,@PathParam("userId")Long userId);


	/**
	 * 用户授权校验
	 * @param batchItems
	 * @param userId
	 * @return
	 */
	Map<String, Object> validateForUserAuthz(BatchVO<ProgramRolesVO> batchItems,Long userId);


	/**
	 * 获取当前系统的所有权限点
	 * @return
	 */
	Set<Permission> findAllPermissionList();
}
